Another great security event has come and gone. Here are a few posts related to the recent Black Hat Europe conference held in Barcelona last April 12 – 15.
Summary posts of the conference activities:
- BlackHat Briefings Day #1
- BlackHat Briefings Day #2
- BlackHat Europe 2010 Conference
- Attending Security Conferences from a Social Point of View
Posts about individual talks during the event:
- Steve Ocepek and Wendel Henrique demonstrated a man-in-the-middle attack that steals credentials by downgrading authentication mechanisms and takes over existing user sessions.
- Paul Stone released a browser-based point-and-shoot tool for clickjacking.
- Mario Vuksan, Tomislav Pericin and Brian Karney talked about vulnerabilities in various compression formats (ZIP, RAR, 7ZIP, CAB and GZIP), as well as their potential for steganographic use or misuse.
- Eric Filiol has done quite a bit of work to recover RC4-encrypted Office documents using cryptanalysis.
- Eduardo Vela Nava presented how IE8 can be abused by attackers to enable XSS on web sites and web pages that would otherwise be immune to XSS.
- Enno Rey and Daniel Mende demonstrated how to hack into two separate generations of the Cisco Wi-Fi kit.
- Mariano Nunez Di Croce demonstrated techniques for inserting backdoors into SAP applications that give attackers a way to gain control of them.
- Manish Saindane discussed a technique for testing enterprise applications that use Java object serialization with currently available tools.
New tools released during the event:
- Clickjacking Tool – contextis.co.uk
The tool also offers several ‘next-generation’ clickjacking techniques, using point-and-click to visually select the elements within a webpage to be targeted.
We’ll keep you posted once the actual presentation files and videos get uploaded to the Black Hat site.